all InfoSec news
CVE-2023-41890 (saml2)
Sept. 19, 2023, 3:15 p.m. |
National Vulnerability Database web.nvd.nist.gov
Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity …
1.0.3 act asp cve identity identity provider library malicious .net response service service provider support the web web
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-45955 (lightstrip_firmware)
5 months, 4 weeks ago |
web.nvd.nist.gov
CVE-2023-21380 (android)
5 months, 4 weeks ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
5 months, 4 weeks ago |
web.nvd.nist.gov
CVE-2023-21385 (android)
5 months, 4 weeks ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Security Engineer
@ Commit | San Francisco
Trainee (m/w/d) Security Engineering CTO Taskforce Team
@ CHECK24 | Berlin, Germany
Security Engineer
@ EY | Nicosia, CY, 1087
Information System Security Officer (ISSO) Level 3-COMM Job#455
@ Allen Integrated Solutions | Chantilly, Virginia, United States
Application Security Engineer
@ Wise | London, United Kingdom